author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-02-02 17:32:43 -0800 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-02-02 17:32:43 -0800 |
commit | e659fd609925f016b8682985313eb5322fb86115 (patch) | |
tree | 38c6fcc086603ceaa29751cee9ad8e80bb51513f /scripts | |
parent | b97952516e5afc651ae5423d23fe09a09e1aeb4a (diff) | |
Remove old Xorp template
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/firewall/firewall.tp | 538 |
1 files changed, 0 insertions, 538 deletions
diff --git a/scripts/firewall/firewall.tp b/scripts/firewall/firewall.tp
deleted file mode 100644
index 0948068..0000000
--- a/scripts/firewall/firewall.tp
+++ /dev/null
@@ -1,538 +0,0 @@ -/* - * Module: firewall.tp - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License version 2 as published by the - * Free Software Foundation. - * - */ -firewall { - targetname: txt = "rl_firewall"; -/* disable: toggle = true;*/ - - log-martians: txt = "enable"; - send-redirects: txt = "disable"; - receive-redirects:txt = "disable"; - ip-src-route: txt = "disable"; - broadcast-ping: txt = "disable"; - syn-cookies: txt = "enable"; - - name @: txt { - description: txt; - rule @: u32 { - protocol: txt = "all"; - icmp { - type: txt; - code: txt; - } - - state { - established: txt; - new: txt; - related: txt; - invalid: txt; - } - - action: txt; - log: txt = "disable"; - - source { - address: ipv4; - network: ipv4net; - range { - start: ipv4; - stop: ipv4; - } - - port-number: u32; - port-name: txt; - port-range { - start: u32; - stop: u32; - } - - } - destination { - address: ipv4; - network: ipv4net; - range { - start: ipv4; - stop: ipv4; - } - - port-number: u32; - port-name: txt; - port-range { - start: u32; - stop: u32; - } - } - } - } -} - -interfaces { - ethernet @: txt { - firewall { - - in { - name: txt; - } - out { - name: txt; - } - local { - name: txt; - } - } - - vif @: txt { - firewall { - in { - name: txt; - } - out { - name: txt; - } - local { - name: txt; - } - } - } - } -} - -firewall { - %help: short "Firewall configuration"; - %modinfo: provides firewall; - - %modinfo: path "libexec/xorp/xorp_rl_firewall"; - %modinfo: default_targetname "rl_firewall"; - %modinfo: start_commit program "/opt/vyatta/sbin/xorp_tmpl_tool cleanup"; - %modinfo: end_commit program "/opt/vyatta/sbin/xorp_tmpl_tool commit"; - %modinfo: status_method xrl "$(firewall.targetname)/common/0.1/get_status->status:u32&reason:txt"; - /* - %modinfo: shutdown_method xrl "$(firewall.targetname)/rl_firewall/0.1/shutdown_firewall"; - */ - %modinfo: shutdown_method program 
"/opt/vyatta/sbin/xorp_tmpl_tool cleanup && /opt/vyatta/sbin/xorp_tmpl_tool delete firewall && /opt/vyatta/sbin/xorp_tmpl_tool commit && /opt/vyatta/sbin/xorp_tmpl_tool rtrmgr_indirect_cleanup"; - - /* - %delete: xrl "$(firewall.targetname)/rl_firewall/0.1/delete_rl_firewall"; - */ - %delete: ; - - targetname { - %user-hidden: "XRL target name"; - %help: short "Set the target name"; - } - - log-martians { - %help: short "Configure log martians"; - %allow: $(@) "enable" %help: "Enable log martians"; - %allow: $(@) "disable" %help: "Disable log martians"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall log-martians $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall log-martians"; - } - - send-redirects { - %help: short "Configure send redirects"; - %allow: $(@) "enable" %help: "Enable send redirects"; - %allow: $(@) "disable" %help: "Disable send redirects"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall send-redirects $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall send-redirects"; - } - - receive-redirects { - %help: short "Configure receive redirects"; - %allow: $(@) "enable" %help: "Enable receive redirects"; - %allow: $(@) "disable" %help: "Disable receive redirects"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall receive-redirects $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall receive-redirects"; - } - - ip-src-route { - %help: short "Configure IP source route"; - %allow: $(@) "enable" %help: "Enable IP source route"; - %allow: $(@) "disable" %help: "Disable IP source route"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall ip-src-route $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall ip-src-route"; - } - - broadcast-ping { - %help: short "Configure broadcast ping"; - %allow: $(@) "enable" %help: "Enable broadcast ping"; - %allow: $(@) "disable" %help: "Disable broadcast ping"; - - %set: 
program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall broadcast-ping $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall broadcast-ping"; - } - - syn-cookies { - %help: short "Configure SYN cookies"; - %allow: $(@) "enable" %help: "Enable SYN cookies"; - %allow: $(@) "disable" %help: "Disable SYN cookies"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall syn-cookies $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall syn-cookies"; - } - name @: txt { - %help: short "Configure firewall rule set name"; - - %create: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name '$(@)'"; - %update: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name '$(@)'"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name '$(@)'"; - - description { - %help: short "Firewall description"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) description '$(@)'"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) description"; - - } - - rule @: u32 { - %help: short "Firewall rule number in range from 1 to 1024"; - %order: sorted-numeric; - %allow-range: $(@) "1" "1024" %help: "Firewall rule number"; - - %create: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(@)"; - %update: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(@)"; - - protocol { - %help: short "Configure Protocol"; - %allow: $(@) "all" %help: ""; - %allow: $(@) "tcp" %help: ""; - %allow: $(@) "udp" %help: ""; - %allow: $(@) "icmp" %help: ""; - %allow: $(@) "igmp" %help: ""; - %allow: $(@) "ipencap" %help: ""; - %allow: $(@) "gre" %help: ""; - %allow: $(@) "esp" %help: ""; - %allow: $(@) "ah" %help: ""; - %allow: $(@) "ospf" %help: ""; - %allow: $(@) "pim" %help: ""; - %allow: $(@) "vrrp" %help: ""; - - %set: program 
"/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) protocol $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) protocol"; - } - - icmp { - %help: short "ICMP type and code settings"; - %mandatory: $(@.type); - - type { - %help: short "ICMP type"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) icmp type $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) icmp type"; - } - - code { - %help: short "ICMP code"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) icmp code $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) icmp code"; - } - } - - state { - %help: short "Rule state"; - - established { - %help: short "Configure established state"; - %allow: $(@) "enable" %help: "Enable established state"; - %allow: $(@) "disable" %help: "Disable established state"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) state established $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) state established"; - } - - new { - %help: short "Configure new state"; - %allow: $(@) "enable" %help: "Enable new state"; - %allow: $(@) "disable" %help: "Disable new state"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) state new $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) state new"; - } - - related { - %help: short "Configure related state"; - %allow: $(@) "enable" %help: "Enable related state"; - %allow: $(@) "disable" %help: "Disable related state"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) state related $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool 
delete firewall name $(name.@) rule $(rule.@) state related"; - } - - invalid { - %help: short "Configure invalid state"; - %allow: $(@) "enable" %help: "Enable invalid state"; - %allow: $(@) "disable" %help: "Disable invalid state"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) state invalid $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) state invalid"; - } - } - - action { - %help: short "Configure rule action"; - %allow: $(@) "accept" %help: "Accept packet"; - %allow: $(@) "drop" %help: "Silently drop packet"; - %allow: $(@) "reject" %help: "Reject packet with TCP reset"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) action $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) action"; - } - - log { - %help: short "Configure firewall logging"; - %allow: $(@) "enable" %help: "Enable firewall logging"; - %allow: $(@) "disable" %help: "Disable firewall logging"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) log $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) log"; - } - - source { - %help: short "Firewall source parameters"; - - address { - %help: short "Source address"; - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source address $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source address"; - } - - network { - %help: short "Source network"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source network $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source network"; - } - range { - %mandatory: $(@.start); - %mandatory: $(@.stop); - %help: short "Source 
range start and stop"; - - start { - %help: short "Source range start"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source range start $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source range start"; - } - stop { - %help: short "Source range stop"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source range stop $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source range stop"; - } - } - - port-number { - %help: short "Source port number"; - %allow-range: $(@) "1" "65535" %help: ""; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source port-number $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source port-number"; - } - - port-name { - %help: short "Source port name"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source port-name $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source port-name"; - } - - port-range { - %help: short "Source port range start and stop"; - %mandatory: $(@.start); - %mandatory: $(@.stop); - - start { - %help: short "Source port range start"; - %allow-range: $(@) "1" "65535" %help: ""; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source port-range start $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source port-range start"; - - } - stop { - %help: short "Source port range stop"; - %allow-range: $(@) "1" "65535" %help: ""; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source port-range stop $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name 
$(name.@) rule $(rule.@) source port-range stop"; - } - } - } - destination { - %help: short "Firewall destination parameters"; - - address { - %help: short "Destination address"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination address $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination address"; - } - - network { - %help: short "Destination network"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination network $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination network"; - } - - range { - %help: short "Destination range start and stop"; - %mandatory: $(@.start); - %mandatory: $(@.stop); - - start { - %help: short "Destination range start"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination range start $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination range start"; - } - - stop { - %help: short "Destination range stop"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination range stop $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination range stop"; - } - } - - port-number { - %help: short "Destination port number"; - %allow-range: $(@) "1" "65535" %help: ""; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination port-number $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination port-number"; - } - - port-name { - %help: short "Destination port name"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination port-name $(@)"; - %delete: 
program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination port-name"; - } - - port-range { - %help: short "Port range start and stop"; - %mandatory: $(@.start); - %mandatory: $(@.stop); - - start { - %help: short "Destination port range start"; - %allow-range: $(@) "1" "65535" %help: ""; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination port-range start $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination port-range start"; - } - stop { - %help: short "Destination port range stop"; - %allow-range: $(@) "1" "65535" %help: ""; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination port-range stop $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination port-range stop"; - } - } - } - } - } -} - -interfaces { - ethernet @: txt { - firewall { - %help: short "Configure firewall options"; - - in { - %mandatory: $(@.name); - %help: short "Filter forwarded packets on inbound interface"; - - name { - %help: short "Inbound interface filter name"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) firewall in name $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) firewall in name"; - } - - } - - out { - %mandatory: $(@.name); - %help: short "Filter forwarded packets on outbound interface"; - - name { - %help: short "Outbound interface filter name"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) firewall out name $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) firewall out name"; - } - - } - - local { - %mandatory: $(@.name); - %help: short "Filter packets destined for this router"; - - name { - %help: short "Local filter name"; - 
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) firewall local name $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) firewall local name"; - } - - } - } - - vif @: txt { - firewall { - %help: short "Configure firewall options"; - - in { - %mandatory: $(@.name); - %help: short "Filter forwarded packets on inbound interface"; - - name { - %help: short "Inbound interface filter name"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) vif $(vif.@) firewall in name $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) vif $(vif.@) firewall in name"; - } - } - - out { - %mandatory: $(@.name); - %help: short "Filter forwarded packets on outbound interface"; - - name { - %help: short "Outbound interface filter name"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) vif $(vif.@) firewall out name $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) vif $(vif.@) firewall out name"; - } - } - - local { - %mandatory: $(@.name); - %help: short "Filter packets destined for this router"; - - name { - %help: short "Local filter name"; - - %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) vif $(vif.@) firewall local name $(@)"; - %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) vif $(vif.@) firewall local name"; - } - } - } - } - } -} |